> Your points can be simplified to "I don't use cryptoloop, but someone else> might" and "we shouldn't do this in a stable kernel".> > Well, I want to hear from "someone else". If removing cryptoloop will> irritate five people, well, sorry. If it's 5,000 people, well maybe not.> > Yes, I buy the "stable kernel" principle, but here we have an example where> it conflicts with the advancement of the kernel, and we need to make a> judgement call.> > Actually, my most serious concern with cryptoloop is the claim that it is> insufficiently secure. If this is true then we'd be better off removing> the feature altogether rather than (mis)leading our users into thinking> that their data is secure.

The above sounds wrong / misguided.

First: "(mis)leading our users into thinking that their data is secure".Security is not a yes/no matter. There are degrees of protection againstvarious possible attacks.

Second: This seems to be a discussion about cryptoloop vs dm-crypt.But dm-crypt has the same weaknesses as cryptoloop, so from a cryptopoint of view there is zero reason to switch.

If there is a reason to switch it must be elegance and correctness androbustness of kernel implementation, together with the idea that wedo not need more than one kernel implementation of roughly speakingthe same concept. Not crypto, but just loop vs dm arguments.

Third: Announcing a date for the demise of cryptoloop seems a bit prematureat a point in time when dm-crypt is not quite usable yet.

I have the impression that cryptoloop and/or loop-aes presently are used bymore than your 5000 users.

James Morris wrote:

# Jari Ruusu ... Fruhwirth Clemens ...

So far, every time I checked the details Jari Ruusu has been right.In the present discussion Fruhwirth Clemens showed an amazing lackof understanding of cryptography. His threat model seems limited tothings like "chosen plaintext attack" etc.But there are so many entirely different attacks.

# Part of the reason for dropping cryptoloop is to help dm-crypt# mature more quickly.

A very strange reason. But maybe it fits in with dropping the ideaof a stable kernel.

# I've had some off-list email on the security of dm-crypt, and it seems# that it does need some work. We need to get the security right more than# we need to worry about these other issues.